Privacy Policy

Section 1: Introduction

RAINBOW BLINDS AND FABRICS LIMITED T/A Rainbow Blinds (“Rainbow Blinds”, “We”, “Us”) is committed to protecting and respecting your privacy and rights. As an essential part of our business, we collect and manage customer data, and in doing so, we observe UK data protection legislation.

This Privacy Notice sets out how we use and protect any information that you give us when you use our services. It describes how we collect, manage, process, store, and share information about you as a result of you visiting this site. If we ask you to provide information by which you can be identified, it will only be used in accordance with this privacy notice.

This notice also provides you with information about how you can control our use of your data. Please note that we will update this Privacy Statement regularly to keep you informed of our approach to data protection.

If you have any comments or queries, or wish to unsubscribe from marketing communications, please contact our Data Protection Officer ("DPO") by post at: Data Protection Officer, 61 Canyon Road, Netherton Industrial Estate, Wishaw, Lanarkshire, ML2 0EG.

This policy is effective from 28th August 2025.

Section 2: Who is collecting your data?

RAINBOW BLINDS AND FABRICS LIMITED is the Data Controller collecting your data.

Our registered address is: 61 Canyon Road, Netherton Industrial Estate, Wishaw, Lanarkshire, ML2 0EG

Section 3: What information is being collected?

Personal Details We collect the following data to provide you with our services, which you provide to us: Title; First Name; Surname; Phone Numbers (landline; mobile); Email; Addresses (home; alternative/contact); relevant card/billing information.

Website Visitor Data When you visit this website, we may collect technical information such as your IP address, login information, browser type and version, country, and telephone code, and information about your visit including products you viewed or searched for, page response times, and length of visits.

Google Analytics For more information on how Google uses data, please visit their policy page: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk

Bing Ads Our Bing Ads use Universal Event Tracking (UET) to track what happens after someone has clicked on our adverts.

Microsoft Clarity We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Section 4: How is it collected?

We collect your data via:

  • Customer submission: When you provide personal data via online forms, telephone, email, letter, or in person.

  • Website interaction: We use services like Google Analytics, Google Adwords, Bing Ads, Microsoft Clarity, and Facebook Ads, which use tracking technology like cookies.

  • Telephone calls: Our telephone system records the phone number used for incoming calls.

Section 5: Why is information being collected and how will we use it?

We use your data for the following purposes:

  • 5.1 – Order Processing: To carry out our obligations from any contracts between you and us, including manufacturing and installing orders, processing payments, fraud prevention, and customer services. We may share your information with external companies to assist in these services, but they are not permitted to use your information for any other purpose.

  • 5.2 – Marketing: With your specific consent, we will use your data to provide you with marketing services about new products or services. We use external companies for these services, and they are prohibited from sharing your data.

  • 5.3 – Customer Engagement: To invite you to participate in surveys, write reviews, or enter competitions.

  • 5.4 – Website Improvement: To ensure our website content is presented effectively and to improve our site and internal processes. For more information, please see our Cookies Policy.

  • 5.5 – Personalization: To understand your browsing habits so we can improve our service and contact you about products and services that may be of interest. This is enabled by cookies, as described in our Cookies Policy.

You can change your mind about receiving marketing or how we process your data at any time by contacting our DPO.

Section 6: How Long Will We Keep Your Data?

We will not keep your data for longer than is necessary to complete the activity for which it was collected, unless there is a legitimate or legal reason to retain it.

  • Technical data from website visits may be held for analytics purposes for up to 26 months.

  • Personal data provided for orders and services will be retained for a minimum of 6 years for legal and tax purposes.

Section 7: Who will it be shared with?

To fulfil our contractual obligations, we may share your data with essential third-party service providers, such as payment processors and delivery companies. We only share the minimum information necessary and ensure they are committed to protecting your data.

For operational purposes, including accounting and management, we may share your data with our parent group, GC Group Ltd.

We will only exchange your data with another organisation if: i) we have your express permission; ii) it is necessary to honour a contract with you; iii) we have a legal obligation to do so; iv) it is in the public interest; v) it is necessary for legal claims; or vi) it is necessary to protect your vital interests.

We will never sell your personal data to any external organisation.

Section 8: International Data Transfers

Some of our external third-party service providers (such as our email marketing platform) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that the transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the UK, or by using specific contracts or data transfer frameworks approved by the UK which give personal data the same protection it has in the UK.

Section 9: What will be the effect of this on the individuals concerned?

We only ask for data that enables us to offer the best customer experience, from processing an order to ensuring our website functions properly. We actively seek permission to use personal data, and as this data must be supplied by the customer, we do not feel this use is likely to cause an individual to object or complain.

Section 10: How Can You Access The Personal Data We Hold?

You have the right to ask us, in writing, for a copy of all the personal data we hold about you (a "Subject Access Request"). You can obtain this information at no cost, except in exceptional circumstances. We will send you a copy of the information within 30 days of your request.

To make a Subject Access Request, please write to our DPO at the postal address shown in Section 1.

Section 11: Updating, Amending or Deleting Your Personal Data

If you want to update or amend your personal data or consent preferences, please contact our DPO. Any requested and legitimate changes will take effect within 28 days.

You have the right to be forgotten and can request that we delete your personal data. Please contact our DPO.

Section 12: Data Privacy and Security

We maintain a comprehensive range of IT policies to ensure data protection is a key consideration in all our IT systems. We conduct impact assessments to identify and mitigate any risks.

Our active information security programme protects the availability, confidentiality, and integrity of all physical and information assets. We protect against potential breaches, ensure IT facilities are secure, and increase awareness of information security requirements among our staff.

We use Secure Socket Layer (SSL) to secure data and transactions on our website.

Section 13: Disclaimers

Every effort is made to ensure the information on this website and in this Privacy Notice is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions.

We cannot accept liability for your use of the information on this website, nor do we warrant that the supply of information will be uninterrupted. All material accessed or downloaded from this website is at your own risk, and it is your responsibility to use appropriate anti-virus software.

This Privacy Notice applies solely to the data collected by us and not to third-party websites. We are not responsible for the privacy statements on third-party websites and advise you to read them carefully.

Section 14: General

Questions, comments, and requests regarding this Privacy Notice are welcomed and should be sent to our DPO.